When it comes to computer security, there are three main objectives: confidentiality — ensuring no one can steal your data; integrity — ensuring that your data has not been changed in any unauthorized way; and availability — making sure that you have access to the resources you need to do what you need to do.
Most research focuses on the first two, said Ning Zhang, assistant professor of computer science and engineering at the McKelvey School of Engineering at Washington University in St. Louis. It’s easy to see why. “If you are stopping me from using my credit card, that’s fine. It’s not as bad as if it were stolen and used by a thief,” he said, but what about when it comes to a self-driving car that’s barreling down a pothole-riddled road at 80 mph surrounded by other vehicles doing the same? In that situation, a little access — to the brakes, maybe? — would come in handy.
Zhang’s student presented research at the 43rd IEEE Symposium on Security and Privacy in San Francisco, May 23-25, which outlined a new framework for system availability in cyber-physical systems such as self-driving cars. It ensures the user has availability assurance to some of the mission controls so that, in the event of a cyber attack, the system remains safe.